How to Disable External Sharing in SharePoint Online?

May 5, 2023 Salaudeen Rajack 0 Comments disable external sharing in sharepoint online, disable external sharing sharepoint online powershell, disable external sharing sharepoint online site collection, how to disable external sharing in sharepoint online, sharepoint online disable external sharing, sharepoint online disable external sharing site collection

Requirement: Disable external sharing in SharePoint Online using PowerShell.

External sharing in SharePoint Online is a feature that enables users to share documents and content outside the organization with people who are not members of your organization, such as vendors, customers, consultants, etc. However, many organizations don’t want to open sharing because of security reasons! External sharing settings can be controlled at two levels: Tenant-wide and site collection levels.

To turn off external sharing in SharePoint Online at the tenant level, follow these steps:

Login to SharePoint Online Admin Center as a global admin or SharePoint Online administrator.
Expand “Policies” from the left navigation and click “Sharing”.
Change the Sharing Settings for SharePoint Online to “Only people in your organization” to disable external sharing.
Click on the “Save” button at the bottom to save your changes. This sets only members of the tenant can receive sharing invitations.

OneDrive for Business site’s External sharing settings depends on SharePoint’s Sharing settings! You cannot set OneDrive settings that are more permissive than the SharePoint Online tenant settings. (In other words, OneDrive for Business Sharing settings can be more restrictive than SharePoint Online’s Sharing settings).

If you are using the classic admin center, To turn off external sharing, do the following:

Under the “Sharing outside your organization” section, set the sharing option to “Don’t allow sharing outside your organization”.
Click on the “OK” button at the bottom to save your changes.

This prevents all users on all sites from sharing sites or sharing content on sites with external users.

We wanted to disable external sharing entirely for the organization.

#Set Admin Center URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
 
#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)
 
#Disable external sharing for the tenant
Set-SPOTenant -SharingCapability Disabled

The same can be achieved with PnP PowerShell as:

#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
 
#Connect to Tenant Admin Site
Connect-PnPOnline -url $TenantAdminURL -Interactive
 
#Disable External Sharing for the tenant
Set-PnPTenant -SharingCapability Disabled

You can also disable external sharing at each individual SharePoint Online site collection. To disable external sharing at the site collection level using the SharePoint Online admin center, follow these steps:

Go to SharePoint Online Admin Center >> Select the desired Site collection from the list.
Click on the “Sharing” button >> Set the sharing settings to “Only people in the current organization”. Click on “Save” to commit your changes.

You can use PowerShell to further restrict sharing settings on individual SharePoint sites.

#Set Admin Center URL
$AdminCenterURL = "https://crescent-admin.sharepoint.com/"
$SiteURL="https://crescent.sharepoint.com/sites/operations"

#Connect to SharePoint Online
Connect-SPOService -url $AdminCenterURL -Credential (Get-Credential)

#Disable external sharing
Set-SPOSite $SiteURL -SharingCapability "Disabled"

Similarly, To disable external sharing using PnP PowerShell, use:

#Parameters
$TenantAdminURL = "https://crescent-admin.sharepoint.com"
$SiteURL = "https://crescent.sharepoint.com/sites/Purchase"
 
#Connect to Tenant Admin Site
Connect-PnPOnline -url $TenantAdminURL -Interactive

#Disable External Sharing for a site
Set-PnPTenantSite -Url $SiteURL -SharingCapability Disabled

Want to turn off external sharing for a particular user’s OneDrive? Sure! Here is the script:

#Parameter
$AdminCenterURL = "https://crescent-admin.sharepoint.com"
$OneDriveSiteURL = "https://crescent-my.sharepoint.com/personal/Salaudeen_crescent_com"
$SharingSettings = "Disabled" # Disabled, ExistingExternalUserSharingOnly, ExternalUserSharingOnly, ExternalUserAndGuestSharing
 
#Connect to Admin Center
Connect-SPOService -Url $AdminCenterURL
 
#Set External Sharing settings for an OneDrive site
Set-SPOSite -Identity $OneDriveSiteURL -SharingCapability $SharingSettings

External sharing is a great feature in Sharepoint Online that allows you to collaborate with people outside of your organization. However, there are times when you may want to disable this feature for security or compliance reasons. Here is the PowerShell script to disable external sharing on all SharePoint Online site collections:

#Parameters
$AdminCenterURL="https://crescent-admin.sharepoint.com"
$ExternalSharingSetting = "Disabled"

Try {
    #Connect to Admin center
    Connect-PnPOnline -URL $AdminCenterURL -Interactive

    #Get all sites where the setting is different from the given parameter - Exclude Seach Center, Redirect sites, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bots
    $SiteCollections = Get-PnPTenantSite | Where { $_.URL -like '*/sites*' -and $_.SharingCapability -ne $ExternalSharingSetting -and $_.Template -NotIn ` 
                            ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")}

    #Loop through each site and enable external sharing
    ForEach ($Site in $SiteCollections)
    {
        #Apply External sharing setting for the site
        Set-PnPTenantSite -Url $Site.Url -SharingCapability $ExternalSharingSetting
        Write-host "External sharing Setting updated for:" $Site.URL -f Green
    }
}
Catch {
    Write-host -f Red "Error:" $_.Exception.Message
}

You can verify this in your SharePoint Online admin center, as shown in the image above. To get the list of sites where sharing capability is disabled:

Get-SPOSite | Where {$_. SharingCapability -eq "Disabled"}

If you disable external sharing at site collection level, all existing external users will not be able to access the content inside the selected site collections. You have to re-invite them again. If you want to temporarily disable external user access, turn off external sharing at tenant level from the SharePoint Online Admin Center!

To enable external sharing in SharePoint Online, refer to How to Enable External Sharing in SharePoint Online using PowerShell?

Conclusion

In conclusion, disabling external sharing in SharePoint Online is a simple process that can be accomplished through the SharePoint admin center by navigating to the sharing settings. You can also easily restrict external access to your SharePoint sites using PowerShell. It is important to keep in mind that disabling external sharing may affect collaboration with external partners, so it should be used judiciously and only in situations where it is necessary to protect sensitive information.

How do I give access to an external user in SharePoint Online?

Make sure external sharing is enabled, browse to your SharePoint Online site >> Click on Site Settings >> Site Permissions >> Share Site. Enter the E-mail IDs of the external users, select the permission level such as “Read”, and then click on “Share” to add an external user to SharePoint Online.
More info: Grant access to external users in SharePoint Online

How to make a SharePoint Online site read only?

You can lock a SharePoint Online site to Read-Only mode, either with site policies or PowerShell.
More info: Set SharePoint Online site to Read-Only

SharePoint Diary

Salaudeen Rajack

Leave a Reply Cancel reply